CVE-2026-33179

MEDIUM 5.5

libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

2th

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.

CWE	CWE-476
Vendor	libfuse
Product	libfuse
Published	Mar 20, 2026
Last Updated	Mar 25, 2026

Stay Ahead of the Next One

Get instant alerts for libfuse libfuse

Be the first to know when new medium vulnerabilities affecting libfuse libfuse are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

libfuse / libfuse

>= 3.18.0, < 3.18.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/libfuse/libfuse/security/advisories/GHSA-x669-v3mq-r358 github.com: https://github.com/libfuse/libfuse/commit/7beb86c09b6ec5aab14dc25256ed8a5ad18554d7 github.com: https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2